Hi Jim. you can notice
<sslContext> <sslContext keyStore="file:${activemq.base}/conf/broker.ks" keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts" trustStorePassword="password"/> </sslContext> in activemq-demo.xml which is used to configure locations and passwords for key and trust stores. Cheers -- Dejan Bosanac - http://twitter.com/dejanb Open Source Integration - http://fusesource.com/ ActiveMQ in Action - http://www.manning.com/snyder/ Blog - http://www.nighttale.net On Sun, May 2, 2010 at 11:26 PM, Jim Lloyd <jll...@silvertailsystems.com>wrote: > We have a relative simple topology where there are a few machines > configured > as network of brokers. Each machine has one broker, and then one or more > activemq client applications. Each client only connects to the broker on > local host. Every broker statically connects to every other broker. > > We have a requirement that all traffic on the wire be encrypted, so we are > using SSL for the network connectors between brokers. The local traffic > between the clients and the localhost broker uses plaintext openwire, i.e. > a > tcp transport. > > The relative section from the .conf file looks something like this: > > <networkConnectors> > <networkConnector name="superman-to-batman" > uri="static:(ssl://batman:24001)"/> > <networkConnector name="superman-to-flash" > uri="static:(ssl://flash:24001)"/> > </networkConnectors> > > <transportConnectors> > <transportConnector name="open" uri="tcp://127.0.0.1:24002" /> > <transportConnector name="ssl" uri="ssl://0.0.0.0:24001" /> > </transportConnectors> > > For testing purposes we have been using the demo broker.ks, broker.ts, > client,ks, client.ts files that ship with activemq. We now want to generate > our own files. I've read > how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html> but > there is something mysterious to me that I want to understand. > > I see in activemq-demo.xml where the broker.ks and broker.ts files are > configured, but I don't see where client.ks and client.ts are configured. > These files are referenced in > how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html>, > where it says: > > When starting the client's VM, specify the following system properties: > > javax.net.ssl.keyStore=/path/to/client.ks > javax.net.ssl.keyStorePassword=password > javax.net.ssl.trustStore=/path/to/client.ts > > > However, we never did this to our configuration, and I can't find where it > might have been done for us in the default configuration. > > So, all this boils down to the simple question: how does activemq-demo.xml > work? Where is client.ks and client.ts configured for this demo? > > Thanks, > Jim Lloyd >